VMware NSX : Segment ID pool and Transport Zone Configuration

We have configured the VXLAN and we need to configure a Segment ID pool. Each VXLAN has its own Segment ID (VNI – VXLAN Network Identifier, similar to a VLAN ID). All VXLAN traffic is bound to its VNI, which provides network isolation. Segment IDs have a 1:1 ratio to logical networks. The VNI is a 24-bit number added to the VXLAN frame, which allows for 16 million potential networks. However, you should not configure more than 10,000 VNIs in a single vCenter Server, because vCenter limits the number of dvPort Groups to 10,000. Another consideration is that segment IDs must not overlap in a Cross-vCenter environment.

Segment ID Configuration

Go to Installation -> Logical Network Preparation -> Segment ID and click on the Edit button

Provide the Segment ID range in the Edit Segment IDs and Multicast Address Allocation window. The VMware NSX Segment ID (VNI) range is 5000-16777216. Multicast addressing is an optional configuration. If you prefer not to deploy any controllers, you can use this option.

Transport Zone Configuration

A Transport Zone controls the domain of a Logical Switch across a set of ESXi hosts. It decides which clusters can use a given Logical Switch. A Universal Transport Zone can span multiple vCenter Servers. However, a Logical Switch can belong to only one Transport Zone. Also, there can be only one Universal Transport Zone.

VMware NSX: Recover NSX Manager from Read-only file system – UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.

I ran into this issue after fixing an issue in the storage system. It took some time to resolve the storage issue, and then I started my virtual machines, NSX Manager and Controllers. I was waiting to check the NSX components in my vCenter and they were not there. My NSX Manager VM was up and running, so I opened a console and checked the NSX Manager status. I was able to see this on my screen.

“/dev/sda2: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.

                (i.e. . without -a or -p options)

FAILURE: 

File system errors were encountered that could not be fixed automatically. This system cannot continue to boot and therefore be halted until the errors are fixed manually by a System Administrator

After you press Enter. this system will be halted and powered off. “

I hit Enter and my NSX Manager powered off. I tried the same thing again and got the same result. I wanted to start fixing this issue as I was not able to check the NSX components. I talked to a friend who has more knowledge of Linux and looked for a solution. Generic fsck commands were not accepted, so I started troubleshooting further.

VMware NSX : Data plane , Control Plane and VXLAN Configurations

We completed the NSX Manager deployment in the previous post, and now we are going to deploy the NSX Controllers, which are treated as the Control Plane of NSX. NSX Controllers are virtual machines. There should be at least three Controllers for redundancy.

It is important to understand that NSX Controllers use a scale-out mechanism and slicing, which divides the workload equally across the Controller nodes. All Controllers are active at the same time, and if one Controller fails, the other nodes take over the workload that was allocated to the failed node.

Click on the + sign of the NSX Controller nodes option

Once you get the Add Controller window, provide the details such as Name, select the NSX Manager, Datacenter, Cluster/Resource Pool, Datastore, Host, Folder, Connected PortGroup, IP pool and Password. If you haven’t configured the IP pool of your datacenter yet, click on the Select option.

VMware AppDefense Overview : Transforming Security through Virtualization

Datacenter security is one of the main concerns for a company and its workloads. There are lots of security enhancements in networks to protect your workloads from security threats. VMware recently introduced VMware AppDefense as a datacenter endpoint security product that protects applications running in a virtual environment.

VMware AppDefense primarily monitors applications against their intended state and automatically responds to deviations that indicate a threat.

Key Highlights of VMware AppDefense:

  • Simply, it’s datacenter endpoint security
  • Improve threat detection in SOC (Security Operations Center)
  • Automated Incident responses
  • Streamline Application Security reviews

Leveraging VMware AppDefense delivers three main advantages over existing endpoint solutions:

  • Authoritative knowledge of application intended state: Within the VMware vSphere hypervisor, AppDefense has an authoritative understanding of how the endpoints are meant to behave in normal operation. If there is a change, AppDefense is the first to know about it. It has the contextual awareness to understand what the actual threat is
  • Automated, precise threat response: When a threat is detected, AppDefense automatically triggers the security operations along with VMware NSX to prevent a security breach. These actions can be taken automatically:
    • Block process communication
    • Snapshot an endpoint for forensic analysis
    • Suspend an endpoint
    • Shut down an endpoint
  • Isolation from the attack surface: Malware cannot stop AppDefense even if the endpoint is compromised. Most malware disables endpoint security agents and antivirus solutions after infection

VMware AppDefense does not produce lots of alerts for the Security Operations Center, and it takes automated responses to threats. It helps SOC and application engineering teams streamline their security review processes.

Understanding VMware AppDefense: Tom Corn Perspective


VMware NSX : NSX Manager Deployment

 

Software Defined Networking plays a key role in software defined datacenter technologies. I hope you have already heard of VMware NSX and its features and use cases in a Software Defined Datacenter. VMware acquired a company called Nicira, which helped to originate Software Defined Networking in the mid 2000s. After acquiring this company in 2012, VMware released the network virtualization platform called NSX as a combination of VMware in-house R&D projects and Nicira technologies.

That is a bit of history about this great technology, and if you are interested there are lots of articles on the internet. I’m not writing this to bring you the history of the technology; I’m planning to write a few articles on NSX configuration. So let’s start from the beginning.

Fast Lane Support with My VMware Mobile App – Overview of VMware BCS and MCS Support

 

If you are responsible for any mission critical or business critical workloads running in your VMware virtual datacenter, you had better have Fast Lane support with Mission Critical or Business Critical support from VMware. It reduces the time taken to escalate your support requests and comes with personalized reactive and proactive support services. It’s a separate subscription service and depends on the company’s requirements. I will discuss the features later in this post.

The My VMware Mobile App is a great tool for logging high priority support requests without using your computer and web browser. You can download this app from iTunes for your iPhone/iPad and from the Google Play Store for Android phones and tablets.

You need to have a corporate My VMware account to operate this application. Once you have installed the app on your device, log in using the corporate My VMware username and password.

A Server error occurred. [500] SSO error:null

 

Previously, I wrote a post about re-pointing the PSC, and after a while I logged in to the same environment and ended up with this error message on my screen. I was so frustrated, as I had made a few changes to this environment and thought something had gone wrong while I was making them. See the below error message that I received from my vCenter Server appliance.

So, I started to troubleshoot this issue. It simply says to check the vSphere Web Client logs for more details, which is the simplest place to start. So I opened an SSH session to my vCenter Server appliance and enabled the shell. I used the below command to check the vSphere client log


Nested Virtualization: VCSA 6.5 deployment on Oracle Ravello Cloud

 

I was building a lab on Oracle Ravello Cloud and I wanted to install VMware vCenter Virtual Appliance 6.5 on a deployed ESXi host. I started the deployment as usual and the deployment failed in the middle of the VCSA configuration. The VM was not able to power on and the below error message was displayed in the ESXi host client. “Failed to power on virtual machine <VM_NAME>. You are running VMware ESXi through an incompatible hypervisor. You cannot power on virtual machine until this hypervisor disabled“. See the below error message.

So I tried to manually power on the virtual machine, but I was not able to do that and ended up with the same error message again and again.

Reconfiguring Embedded vCenter Server Appliance to an External Platform Service Controller

 

In my test lab I have deployed VMware vCenter Appliance (VCSA) 6.0 with an embedded Platform Service Controller and I wanted to reconfigure it with an external Platform Service Controller. At the initial stage I was in doubt about this, and I started checking the possibilities of changing the configuration.

I had a question and I wanted to know whether there is a way to find the pointed Platform Service Controller in my vCenter. There are two ways that you can find the pointed Platform Service Controller.

I logged in to the vCenter and checked the config.vpxd.sso.admin.uri advanced vCenter parameter, where we can easily find the pointed Platform Service Controller.

VMware Cloud on AWS Technical Overview

 

VMware has released VMware Cloud on AWS recently, and I’m so excited to read the white paper of the solution. I have been explaining and sharing the details with my junior colleagues at the office. I was really interested in this and I watched some YouTube videos at the initial stage of the release. So I thought I would write this article based on the white paper to share the details of the initial overview of the product. I hope this will help my colleagues to understand and get an insight into this release.

In partnership with AWS, VMware brings the enterprise-class Software-Defined Data Center experience to customers. It allows you to run VMware based cloud applications on the optimized AWS bare-metal hypervisors. It has been released as an on-demand service, and customers can manage their virtual machines along with the upgraded VMware tools on the VMware Cloud on AWS platform.
